Abstract

There is currently increasing interest and ac- 
tivity in the area of reliability and fault toler- 
ance for robotics. This paper discusses the ap- 
plication of Standards in robot reliability, and 
surveys the literature of relevant existing stan- 
dards. A bibliography of relevant Military and 
NASA standards for reliability and fault toler- 
ance is included. 

1 Introduction 

Applications of intelligent robots are expanding 
to remote and hazardous environments, such 
as nuclear waste handling, and undersea and 
space operations. Fault tolerance and reliabil- 
ity are of paramount importance in these en- 
vironments, since repair is often difficult, and 
failures potentially catastrophic. 

However, efforts in robot reliability and 
fault tolerance have often been piecemeal and 
application-specific. The formality and consis- 
tency across applications of Standards and Pro- 
tocols are successfully applied to many other 
engineering areas. 

The Standards documentation spans several different categories. There are Handbooks (Reliability of Electronic Equipment [7], MIL-HDBK-217F, Fault Tree Handbook [25], NUREG-0492), Parts Specifications and Standards (Aircraft Data Bus [13], MIL-STD-1553B, Aircraft 28V DC Motors [10], MIL-M-8609B), Procedures and Programs (Failure Modes, Effects Analysis [14], MIL-STD-1629A, System Safety Program [20], MIL-STD-882), and Data Item Descriptions (Format for reports required under procedures FMEA [2], for example DI-R-7085A).

Standards utilization varies widely (Reliabil- 
ity Data in MIL-HDBK-217F covers a vari- 
ety of components under thermal stress, some 
Standards include handbooks on failure data 
for electronic equipment, an Aircraft Surviv- 
ability Program Standard [16], MIL-STD-2072, 
references documents from the Defense Nuclear 
Agency on Nuclear Weapon Effects on Air- 
craft). However, most Standards deal with 
non-nuclear environments, and further studies 
are needed for hazardous waste sites. There 
are also Standards for Software Quality [3], for 
example DOD-STD-2168. 

This paper will discuss the potential application and tailoring for robotics applications of the existing standards, including the Robotic Industries Association (RIA) and American National Standard for Industrial Robots and Robot Systems standards. A standard has been developed for safety requirements [28], ANSI/RIA R15.06-1986, and a new standard is proposed for reliability [27], BSR/RIA R15.05-3-199X. For example, procedures for a failure modes and effects analysis (FMEA) described in standard MIL-STD-1629A, together with DI-R-7085A, allow tailoring of the specifications to the robot needs. We will note the use of FMEA in robot system reliability [1], together with ongoing work in architectures for robot fault detection and fault tolerance [30].

2 Standards Categories 

The military standards literature can be di- 
vided into a number of major categories [26, 
31]. These include handbooks and parts speci- 
fications useful in the characterization of com- 
ponents for a system. Other documents de- 
scribe procedures and programs which are use- 
ful for design, analysis, or system operation. 
Additionally, data item description documents 
provide standardized report generation proce- 
dures which are useful for system specification 
and procurement. 

2.1 Handbooks 

One of the more widely used military standards 
handbooks is MIL-HDBK-217F, Reliability of 
Electronic Equipment [7]. This handbook pro- 
vides tables to calculate failure rates for a num- 
ber of electronic components from resistors and 
capacitors, to switches and relays, to motors 
and resolvers. Reliability data for mundane 
components, such as connectors, is presented 
along with failure estimates for complex inte- 
grated circuits, such as microprocessors. The 
failure rates are also based on the environment 
in which the component is expected to be used 
from benign ground use to extreme missile or 
cannon launch. Thermal effects on component 
reliability are considered very important in the 
derating analysis. 

NASA has published a standard for reliabil- 
ity [24], NASA-TM-4322 which references the 
data in MIL-HDBK-217F. In the NASA doc- 
ument, tables are given which further derate 
components for space use beyond the factors 
given in MIL-HDBK-217F. Examples of failure 
rate calculations are given in section 3. 

The use of MIL-HDBK-217F is described in a tutorial handbook, MIL-HDBK-338-1A, Electronic Reliability Design Handbook [8]. A valuable handbook for system reliability analysis is published by the Nuclear Regulatory Commission as NUREG-0492, the Fault Tree Handbook [25].

2.2 Parts Specifications 

In addition to the more generic handbooks, 
there is a large collection of standards for indi- 
vidual parts. Many of the standards were de- 
veloped for a particular military project which 
required a specific design. Many of the stan- 
dards for aircraft components may be useful for 
specifying the reliability of robotic assemblies. 
Electric motors [10] are described in MIL-M- 
8609B while hydraulic actuators are described 
in MIL-A-5503E [5] and MIL-M-7997C [9]. 
The bibliography lists other standards for com- 
ponents such as shaft encoders and various 
switches which could be used as limit switches. 
As an example, the standard for an aircraft 
computer data bus, MIL-STD-1553B [13] was 
used in the design specification of the NASA 
Flight Telerobotic Servicer (FTS) project [22]. 

2.3 Procedures and Programs 

When a particular system is in the design 
phase, it is useful to perform a failure modes 
and effects analysis. Tools such as fault trees 
may be used to generate this analysis. In ad- 
dition, the analysis needs to be customized for 
the system and its intended use. In MIL-STD- 
1629A, a procedure for a generic Failure Modes 
and Effects Analysis [14] is given. For systems 
that may cause harm to people or other equip- 
ment, a safety protocol should be developed. In 
MIL-STD-882, a System Safety Program [20] 
which identifies hazards is described. 

2.4 Data Item Descriptions 

Data item descriptions describe the format for reports required under various procedures. For example, reports generated for a failure modes and effects analysis of a system would be written in a format given [2] by DI-R-7085A. NASA has similar documentation formats such as the NASA Assurance Specification Documentation Standard [23], NASA-TM-101859. These format specifications are valuable in generating design, operation and maintenance documents.

3 Failure Probability 

As detailed in [1, 25], the probability of a component failure can be calculated from a failure rate for the component [4]. Given a constant failure rate $\lambda$ and using the exponential distribution, the probability of failure at time $t$ is

$$p(t) = 1 - e^{-\lambda t},$$

the reliability of the component in the system is given by

$$R(t) = 1 - p(t) = e^{-\lambda t},$$

and the mean time to failure (MTTF) is given as

$$\mathrm{MTTF} = 1/\lambda.$$

If the failure rate is small, the probability of failure is often approximated as $\lambda t$ [25]. An expert system can be used to model component decay by using time-dependent probabilities [25]. A small update routine monitors the system time and modifies the basic probability facts during the life of the robot.

Various methods can be used to determine the failure rate $\lambda$. For example, in [7], the average failure rate $\lambda_m$ for a D.C. motor is estimated as

$$\lambda_m = \left[ \frac{t^2}{\alpha_B^3} + \frac{1}{\alpha_W} \right]$$

failures per $10^6$ hours, where $t$ is the operating time period for which $\lambda_m$ is the average failure rate, $\alpha_B$ is the bearing characteristic life, and $\alpha_W$ is the winding characteristic life of the device. Both $\alpha_B$ and $\alpha_W$ depend on the ambient temperature for the device, with expressions given in [7]. For an ambient temperature of 20 °C, an operating period of 100 hours, the data in [7] gives a failure rate of $6.3 \times 10^{-7}$ failures per hour.

Also in [7], the average failure rate $\lambda_r$ for a resolver is given as

$$\lambda_r = \lambda_b \, \pi_S \, \pi_N \, \pi_E$$

failures per $10^6$ hours, where $\lambda_b$ is the base failure rate (exponentially related to ambient temperature), $\pi_S$ is a factor related to the device size, $\pi_N$ is related to the number of brushes, and $\pi_E$ is an environmental factor. For a small resolver with 4 brushes and the same ambient temperature as the motor above in a (possibly mobile) ground-based environment, the failure rate $\lambda_r$ is found from data in [7] to be $1.6 \times 10^{-6}$ failures per hour.

The calculation of failure rates is useful to 
complete a fault tree analysis. Once failure 
rates have been found for the components, it is 
possible to compute failure probabilities from 
this data. Within the fault trees, these failure 
probabilities are combined through the logic 
gates using simple multiplication and addition 
[25]. The probability of failure for the output 
event of an AND-gate is the product of all the 
input probabilities and a conservative estimate 
of the output event probability for an OR-gate 
is the sum of the input probabilities. 

In [29], an expert system is used to main- 
tain the probability of failure for each node 
within the fault tree. The operator initializes 
only the basic components (leaves) in the tree 
with appropriate probability facts. The expert 
system then initializes the probabilities for in- 
ner nodes of the tree by combining the basic 
component probabilities through the gates in 
the tree structure. For purposes of design and 
planning, it is possible to explore the effects of 
individual component reliability on the overall 
reliability of the system. 
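The Section 3 calculations carried through in Python, as an added example that is not from the paper: leaf probabilities come from the exponential model, and inner nodes are filled in through AND (product) and OR (conservative sum) gates, with the exact OR for independent inputs available for comparison. The joint tree and all function names are assumptions made for illustration, and both quoted failure rates are treated as constant over the evaluation period.

```python
import math

# Failure rates quoted in Section 3 (failures per hour, from data in [7]).
LAMBDA_MOTOR = 6.3e-7
LAMBDA_RESOLVER = 1.6e-6

def p_fail(lam, t):
    """p(t) = 1 - exp(-lam * t); expm1 keeps precision when lam * t is tiny."""
    return -math.expm1(-lam * t)

def mttf(lam):
    """Mean time to failure for a constant failure rate."""
    return 1.0 / lam

def evaluate(node, t, exact_or=False):
    """Failure probability of a fault tree node after t operating hours.

    A node is ("leaf", failure_rate) or ("and" / "or", [child nodes]).
    Inputs to a gate are assumed independent.
    """
    kind, arg = node
    if kind == "leaf":
        return p_fail(arg, t)
    probs = [evaluate(child, t, exact_or) for child in arg]
    if kind == "and":
        return math.prod(probs)
    if kind == "or":
        if exact_or:
            return 1.0 - math.prod(1.0 - p for p in probs)
        return min(1.0, sum(probs))  # conservative estimate used in the text
    raise ValueError(f"unknown node type: {kind!r}")

# Hypothetical joint (constructed for this example): position sensing is lost
# only if both redundant resolvers fail; the joint fails if the motor fails
# or position sensing is lost.
SENSING = ("and", [("leaf", LAMBDA_RESOLVER), ("leaf", LAMBDA_RESOLVER)])
JOINT = ("or", [("leaf", LAMBDA_MOTOR), SENSING])

if __name__ == "__main__":
    print(f"motor MTTF    {mttf(LAMBDA_MOTOR):.3e} h")
    for hours in (100, 1_000, 10_000):  # re-evaluate as system time advances
        print(f"t={hours:>6} h  sum={evaluate(JOINT, hours):.6e}  "
              f"exact={evaluate(JOINT, hours, exact_or=True):.6e}")
```

Re-running `evaluate` with a larger `t` plays the role of the update routine described in Section 3: only the leaf probabilities change, and the inner nodes follow from the gates.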

4 Conclusions 

Fault tolerance is of increasing concern in the 
design and use of robots. The military, nuclear 
power, and space programs have developed a 
number of reliability standards for the design 
and analysis of complex systems. The applica- 
tion of these standards to the design of robots 
will be extremely important in many applications, particularly in hazardous environments.
Industrial groups, such as RIA, have proposed 
standards for safety and are currently develop- 
ing standards for reliability. 